//package com.ahdms.es.container;
//
//import com.ahdms.es.util.Base64Utils;
//import com.ahdms.es.util.SM2Utils;
//import org.bouncycastle.asn1.x509.Certificate;
//import org.bouncycastle.jcajce.provider.digest.SM3;
//import org.ofdrw.core.signatures.SigType;
//import org.ofdrw.gm.ses.v4.SES_Signature;
//import org.ofdrw.gm.ses.v4.TBS_Sign;
//import org.ofdrw.sign.verify.SignedDataValidateContainer;
//import org.ofdrw.sign.verify.exceptions.InvalidSignedValueException;
//
//import java.io.IOException;
//import java.security.GeneralSecurityException;
//import java.security.MessageDigest;
//import java.util.Arrays;
//
///**
// * @author qinxiang
// * @date 2020-10-10 10:17
// */
//public class SESV4ValidateContainer implements SignedDataValidateContainer {
//
//    @Override
//    public void validate(SigType type,
//                         String signAlgName,
//                         byte[] tbsContent,
//                         byte[] signedValue)
//            throws InvalidSignedValueException, IOException, GeneralSecurityException {
//        if (type == SigType.Sign) {
//            throw new IllegalArgumentException("签名类型(type)必须是 Seal，不支持电子印章验证");
//        }
//
//        // 计算原文摘要
//        MessageDigest md = new SM3.Digest();
//        byte[] actualDataHash = md.digest(tbsContent);
//
//        SES_Signature sesSignature = SES_Signature.getInstance(signedValue);
//        TBS_Sign toSign = sesSignature.getToSign();
//        byte[] expectDataHash = toSign.getDataHash().getOctets();
//
//        // 比较原文摘要
//        if (!Arrays.equals(actualDataHash, expectDataHash)) {
//            throw new InvalidSignedValueException("Signature.xml 文件被篡改，电子签章失效。("
//                    + toSign.getPropertyInfo().getString() + ")");
//        }
//
//        // 预期的电子签章数据，签章值
//        byte[] certDER = sesSignature.getCert().getOctets();
//        // 构造证书对象
//        byte[] octets = sesSignature.getSignature().getOctets();
//        byte[] ders = toSign.getEncoded("DER");
//        boolean b = SM2Utils.verifySign(Certificate.getInstance(certDER), ders, octets);
//        if (!b) {
//            throw new InvalidSignedValueException("电子签章数据签名值不匹配，电子签章数据失效。");
//        }
//
//    }
//}
